drupal6-cck

2010-08-22

Page content

Author: Miklos Vajna
Vulnerable: 6.x_2.7-1locris1
Unaffected: 6.x_2.8-1locris1

A vulnerability has been reported in the Drupal Content Construction Kit (CCK), which can be exploited by malicious users to disclose sensitive information. The vulnerability is caused due to the CCK “Node Reference” not properly validating field access levels on the source field of the backend URL, which can be exploited to view node titles and IDs of otherwise restricted nodes.

Bug Tracker URL: http://bugs.frugalware.org/task/4289

CVEs:

No CVE, see http://drupal.org/node/880736.